AMENDMENTS TO THE CLAIMS

1. (Currently Amended) A method of controlling usage of network resources on a 
communications network based on the identity of an authenticated user, the method comprising 
acts of: 

creating, with a relationship management module, one or more packet rules for analyzing
packets received at one or more network devices of the communications network, each rule 
including a condition and action to be taken as part of providing a service of the communications 
network if a packet received at a device satisfies the condition, wherein the one or more packet 
rules are defined to examine any portion of a packet; 

storing the one or more packet rules in the communications network;

creating, with the relationship management module, one or more service abstractions,
each service abstraction representing a communications network service to be provided to users 
of the communications network, each service abstraction including a named set of one or more 
of the packet rules that, in combination, provide the represented communications network 
service; 

storing the one or more service abstractions in the communications network;

associating, with the relationship management module, the one or more service
abstractions with the identity of the authenticated user of the communications network; and 

in response to receipt of a packet at any of the network devices from the authenticated 
user, using, by any of the network devices, the one or more service abstractions associated with
the identity of the authenticated user to control usage of network resources on the 
communications network, the using including applying the packet rules in the one or more 
service abstractions to the packet. 

2. (Previously Presented) The method of claim 1, further comprising an act of: 

configuring a network device of the communications network with one or more packet 
rules according to at least one of the service abstractions. 

3. (Previously Presented) The method of claim 2, wherein configuring the network device 
comprises: configuring a port module of a switching device of the communications network with 
one or more packet rules according to at least one of the service abstractions.

4. (Cancelled)

5. (Previously Presented) The method of claim 1, further comprising an act of: 

distributing the one or more service abstractions to one or more network devices residing 
on the communications network. 

6. (Cancelled) 

7. (Previously Presented) The method of claim 1, further comprising an act of: 

creating one or more role abstractions, each role abstraction representing a role of users 
with respect to the communications network, and each role abstraction including a set of one or 
more service abstractions representing communications network services to be provided to users 
associated with the represented role,

and wherein the act of associating one or more service abstractions with the identity of 
the authenticated user includes associating the identity of the authenticated user with one or 
more of the role abstractions. 

8. (Previously Presented) The method of claim 7, further comprising an act of: 

configuring a network device of the communications network with one or more packet 
rules according to one of the role abstractions. 

9. (Previously Presented) The method of claim 8, wherein configuring the network device with 
one or more packet rules according to one of the role abstractions comprises: configuring a port 
module of a switching device of the communications network with one or more packet rules 
according to one of the role abstractions. 

10. (Cancelled) 

11. (Previously Presented) The method of claim 7, further comprising an act of:

distributing the one or more role abstractions to one or more network devices residing on 
the communications network.

12. (Cancelled)

13. (Previously Presented) A system for enabling a network manager to control usage of network 
resources on a communications network based on the identity of an authenticated user, the 
system comprising: 

a rule editing module enabling the network manager to edit one or more packet rules for 
analyzing packets received at one or more devices of the communications network, each rule 
including a condition and action to be taken if a packet received at a device satisfies the 
condition; 

a service editing module enabling the network manager to edit one or more service 
abstractions, each service abstraction representing a communications network service to be 
provided to users of the communications network, each service abstraction including a named set 
of one or more of the packet rules that, in combination, provide the represented communications 
network service; 

a user management module enabling the network manager to associate users of the
communications network with one or more of the service abstractions; and

storage means for storing one or more of the service abstractions, one or more of the 
packet rules or one or more of the associations between users of the communications network 
and one or more of the service abstractions. 

14. (Original) The system of claim 13, further comprising: logic to configure a network device 
with one or more packet rules according to at least one of the service abstractions. 

15. (Original) The system of claim 14, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to at least 
one of the service abstractions. 

16. (Cancelled) 

17. (Original) The system of claim 13, further comprising: a distribution module to distribute the 
one or more service abstractions to one or more network devices residing on the communications
network. 

18. (Cancelled) 

19. (Previously Presented) The system of claim 13, further comprising: 

a role editing module enabling the network manager to edit one or more role abstractions, 
each role abstraction representing a role of users with respect to the communications network, 
and each role abstraction including a set of one or more service abstractions representing 
communications network services to be provided to users associated with the represented role, 

and wherein the user management module further enables the network manager to 
associate users of the communications network with one or more of the role abstractions. 

20. (Original) The system of claim 19, further comprising: logic to configure a network device 
with one or more packet rules according to one of the role abstractions. 

21. (Original) The system of claim 20, wherein the logic comprises: port configuration logic to
configure a port module of a switching device with one or more packet rules according to one of 
the role abstractions. 

22. (Cancelled) 

23. (Original) The system of claim 19, further comprising: a distribution module to distribute the 
one or more role abstractions to one or more network devices residing on the communications 
network. 

Claims 24 - 25 (Cancelled).

26. (Previously Presented) A computer program product, comprising: a computer readable 
medium; and computer readable signals stored on the computer readable medium that define 
instructions that, as a result of being executed by a computer, instruct the computer to perform a 
process of controlling usage of network resources on a communications network based on the
identity of an authenticated user, the process comprising acts of: 

creating one or more packet rules for analyzing packets received at one or more devices 
of the communication network, each rule including a condition and action to be taken as part of 
providing a service of the communications network if a packet received at a device satisfies the 
condition, wherein the one or more packet rules are defined to examine any portion of a packet; 

storing the one or more packet rules; 

creating one or more service abstractions, each service abstraction representing a 
communications network service to be provided to users of the communications network, each 
service abstraction including a named set of one or more of the packet rules that, in combination, 
provide the represented communications network service; and 

storing the one or more service abstractions. 

27. (Previously Presented) A method of controlling usage of network resources on a 
communications network based on the identity of an authenticated user, the method comprising
acts of:

(a) defining one or more packet rules for analyzing packets received at one or more
devices of the communications network, each rule including a condition and action to be taken if
a packet received at a device satisfies the condition, wherein the one or more packet rules are 
defined to examine any portion of a packet; 

(b) providing the one or more packet rules; 

(c) in response to a user, defining one or more role abstractions associated with an 
authenticated user, each role abstraction representing a role of an authenticated user with respect 
to the communications network for controlling usage of network resources on the 
communications network by the authenticated user, and each role abstraction including a set of 
one or more packet rules; and 

(d) providing the one or more role abstractions. 

28. (Previously presented) The method of claim 27, further comprising an act of: (e) configuring 
a network device of the communications network with one or more packet rules according to one 
of the role abstractions.

29. (Previously presented) The method of claim 28, wherein act (e) comprises: configuring a
port module of a switching device of the communications network with one or more packet rules 
according to one of the role abstractions. 

30. (Cancelled) 

31. (Previously presented) The method of claim 27, further comprising an act of: (e) distributing 
the one or more role abstractions to one or more network devices residing on the 
communications network. 

32. (Cancelled) 

33. (Previously presented) A system for controlling usage of network resources on a 
communications network based on the identity of an authenticated user, the system comprising: 

a rule editing module to create one or more packet rules for analyzing packets received at 
one or more devices of the communications network, each rule including a condition and action
to be taken if a packet received at a device satisfies the condition, wherein the one or more 
packet rules are defined to examine any portion of a packet; 

a role editing module to create, in response to a user, one or more role abstractions 
associated with an authenticated user, each role abstraction representing a role of an 
authenticated user with respect to the communications network for controlling usage of network 
resources on the communications network by the authenticated user, and each role abstraction 
including a set of one or more packet rules; and 

storage means for storing one or more created role abstractions or one or more created 
packet rules. 



34. (Original) The system of claim 33, further comprising: logic to configure a port module of a 
network device with one or more packet rules according to one of the role abstractions. 

Application No.: 10/071,228
New Docket No.: 118156-01201

35. (Original) The system of claim 34, wherein the logic comprises: port configuration logic to
configure a port module of a switching device with one or more packet rules according to one of
the role abstractions.

36. (Cancelled) 

37. (Original) The system of claim 33, further comprising: a distribution module to distribute the 
one or more role abstractions to one or more network devices residing on the communications 
network. 

Claims 38 - 39 (Cancelled). 

40. (Previously presented) A computer program product, comprising: a computer readable 
medium; and computer readable signals stored on the computer readable medium that define 
instructions that, as a result of being executed by a computer, instruct the computer to perform a 
process of controlling usage of network resources on a communications network based on the 
identity of an authenticated user, the process comprising acts of: 

(a) creating one or more packet rules for analyzing packets received at one or more
devices of the communications network, each rule including a condition and action to be taken if
a packet received at a device satisfies the condition, wherein the one or more packet rules are 
defined to examine any portion of a packet; 

(b) storing the one or more packet rules; 

(c) in response to a user, creating one or more role abstractions associated with an 
authenticated user, each role abstraction representing a role of an authenticated user with respect 
to the communications network for controlling usage of network resources on the 
communications network by the authenticated user, and each role abstraction including a set of
one or more packet rules; and

(d) storing the one or more role abstractions. 

41. (New) The method of claim 1, wherein the relationship management module comprises any 
of firmware, electronic circuitry or programmatically generated instructions.

42. (New) A method of controlling usage of network resources on a communications network
based on the identity of an authenticated user, the method comprising acts of: 

creating, with at least one computer, one or more packet rules for analyzing packets 
received at one or more network devices of the communications network, each rule including a 
condition and action to be taken as part of providing a service of the communications network if 
a packet received at a device satisfies the condition, wherein the one or more packet rules are 
defined to examine any portion of a packet; 

storing, with at least one computer, the one or more packet rules; 

creating, with at least one computer, one or more service abstractions, each service 
abstraction representing a communications network service to be provided to users of the 
communications network, each service abstraction including a named set of one or more of the 
packet rules that, in combination, provide the represented communications network service; 

storing, with at least one computer, the one or more service abstractions; 

associating, by at least one computer and by the one or more service abstractions, with 
the identity of the authenticated user of the communications network; 

in response to receipt of a packet at any of the network devices from the authenticated 
user, using, by one of the network devices, the one or more service abstractions associated with 
the identity of the authenticated user to control usage of network resources on the 
communications network, the using including applying the packet rules in the one or more 
service abstractions to the packet; and 

creating, with at least one computer, one or more role abstractions, each role abstraction 
representing a role of users with respect to the communications network, and each role 
abstraction including a set of one or more service abstractions representing communications 
network services to be provided to users associated with the represented role, 

and wherein the act of associating one or more service abstractions with the identity of 
the authenticated user includes associating the identity of the authenticated user with one or 
more of the role abstractions. 

43. (New) The method of claim 42, further comprising an act of: 

configuring, with at least one computer, a network device of the communications 
network with one or more packet rules according to one of the role abstractions.

44. (New) The method of claim 43, wherein configuring the network device with one or more
packet rules according to one of the role abstractions comprises: configuring, with at least one 
computer, a port module of a switching device of the communications network with one or more 
packet rules according to one of the role abstractions. 

45. (New) The method of claim 42, further comprising an act of: 

distributing, with at least one computer, the one or more role abstractions to one or more 
network devices residing on the communications network. 

46. (New) The method of claim 42, wherein the with at least one computer comprises any of 
firmware, electronic circuitry or programmatically generated instructions. 

47. (New) A system for enabling a network manager to control usage of network resources on a 
communications network based on the identity of an authenticated user, the system comprising: 

a rule editing module enabling the network manager to edit one or more packet rules for
analyzing packets received at one or more devices of the communications network, each rule 
including a condition and action to be taken if a packet received at a device satisfies the 
condition; 

a service editing module enabling the network manager to edit one or more service 
abstractions, each service abstraction representing a communications network service to be 
provided to users of the communications network, each service abstraction including a named set 
of one or more of the packet rules that, in combination, provide the represented communications 
network service; 

a user management module enabling the network manager to associate users of the 
communications network with one or more of the service abstractions; 

storage means for storing one or more of the service abstractions, one or more of the 
packet rules or one or more of the associations between users of the communications network
and one or more of the service abstractions; and

a role editing module enabling the network manager to edit one or more role abstractions, 
each role abstraction representing a role of users with respect to the communications network, 
and each role abstraction including a set of one or more service abstractions representing 
communications network services to be provided to users associated with the represented role,

and wherein the user management module further enables the network manager to
associate users of the communications network with one or more of the role abstractions. 

48. (New) The system of claim 47, further comprising: logic to configure a network device with 
one or more packet rules according to one of the role abstractions. 

49. (New) The system of claim 48, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to one of 
the role abstractions. 

50. (New) The system of claim 47, further comprising: a distribution module to distribute the 
one or more role abstractions to one or more network devices residing on the communications 
network. 